<div>
    Use <a href="https://apereo.github.io/cas/">CAS</a> for authentication and Single Sign-On (SSO).

    <p>
    With this option, users will be redirected to CAS when their identity needs to be verified.
    The CAS server will either display a login form to enter credentials, or immediately redirect
    back to Jenkins if the user had already signed successfuly into another CAS-enabled application.
    
    <p>
    This security realm also supports the <a href="https://apereo.github.io/cas/6.2.x/integration/Attribute-Release.html">Attribute Release</a>
    feature out-of-the-box when using the CAS 3.0 or SAML 1.1 protocols; the CAS 1.0 and 2.0 protocols may require
    custom extensions to provide this functionality. Attributes enable the synchronization of the
    user's full name and email address with CAS-provided values (e.g. extracted from a LDAP directory),
    and bring support for Jenkins groups/roles mapping.

</div>